Create a model for security.txt
blink1073 opened this issue · comments
Steven Silvester commented
cf jupyter-server/jupyter_server#249
We should have a standard method for handling security.txt files.
Note that the one used by our main website is from the notebook project. Should the encryption file be generated per project?
M Bussonnier commented
I don't think we need a per project encryption as vuln can anyway be across
projects.
…On Mon, Aug 30, 2021, 04:31 Steven Silvester ***@***.***> wrote:
cf jupyter-server/jupyter_server#249
<jupyter-server/jupyter_server#249>
We should have a standard method for handling security.txt
<https://en.wikipedia.org/wiki/Security.txt> files.
Note that the one used by our main website
<https://github.com/jupyter/jupyter.github.io/blob/b954bd1f39b449991c6e4df559964019878c5e74/.well-known/security.txt>
is from the notebook project. Should the encryption file be generated per
project?
Rick Wagner commented
I agree, we should limit the number of encryption keys, but have a simple policy on how to manage them.
I submitted a minimal SECURITY.md for JupyterHub. Something like this could be part of a repository template.